This allows us to directly compare diverse security products and to compute the increase in total detection rate gained by adding a security product to a defense-in-depth strategy, not just its stand-alone detection rate.
This approach provides an automated means of evaluating risks and the security posture of alternative security architectures.
To design defense in depth, organizations rely on best practices and isolated product reviews, with no way to determine the marginal benefit of additional security products.
We propose empirically testing security products’ detection rates by linking multiple pieces of data such as network traffic, executable files, and an email to the attack that generated all the data.
Jajodia, “Using Attack Graphs for Correlating, Hypothesizing, and Predicting Intrusion Alerts,” Computer Communications, Vol.
These help administrators gain insight into intrusion steps, determine the security state and assess threats.
With this algorithm, various invalid threats are filtered out; current valid threats are obtained by correlating the dynamic alarms with a static attack scenario.
Network attack graphs were originally used to evaluate the worst security state a network of concern can reach when it is under attack.
Alongside these growing advantages, security threats are emerging continually and bringing great pressure and challenges.
An identification and analysis method for real-time network threats is proposed to accurately assess and master the current network security situation, and thereby better guide a dynamic defense.